Going Further                                                              Chapter 13

            Workflow

            Workflow is a catch-all term used throughout the book to reference both the formal and
            informal processes built into conducting a thorough security audit of a new site. An
            example of a formal process might be a list of different types of vulnerabilities you'd like to
            ensure you check for in any application, or even just a general outline of the different
            phases of your engagement, from discovery to wrap-up and reporting. An informal process
            example would be the internal heuristics you use to decide whether applying a tool in a
            given situation is worth it.


            Zero-Day

            A common term in security and an important one, a zero-day is a previously undiscovered
            vulnerability.



            Summary

            Hopefully, this chapter has built on $IBQUFS   , Other Tools and the rest of this book, to
            give you a sense of not just the technologies to explore and incorporate into your workflow,
            but also learning resources, communities, and other hubs for important security content
            that can help you grow as a security researcher and programmer.



            Questions


                   1.  What are some good pentesting and security-related blogs?
                   2.  What type of testing methodology do public bug bounty programs use: black box
                      or white box testing?
                   3.  What's the harm represented by a vulnerability that allows for RCE?
                   4.  What's safe harbor?
                   5.  What does CORS stand for? What is its purpose?
                   6.  What does the term security posture mean?
                   7.  What does the practice of fingerprinting an application accomplish?
                   8.  What does OSCP stand for?






                                                    [ 207 ]